Hunton Andrews Kurth writes: On January 27, 2021, the French Data Protection Authority (the “CNIL”) announced (in French) that it imposed a fine of €150,000 on a data controller, and a fine of €75,000 on its data processor, for failure to implement adequate security measures to protect customers’ personal data against credential stuffing attacks on the website…
Category: Subcontractor
Florida Healthy Kids website breached; vendor blamed for not patching
What’s that feeling when you learn your web hosting vendor for the past 7 years had unpatched vulnerabilities that permitted thousands of individuals’ personal information to be accessed without authorization? Nausea? Disgust? Something else? Florida Healthy Kids Corporation posted a notice on their site about an incident that they attribute to Jelly Bean Communications Design. …
Rady Children’s Hospital sued over Blackbaud breach
Law360 is reporting that Rady Children’s Hospital has been sued over the Blackbaud ransomware breach. The complaint alleges violations of California’s Confidentiality of Medical Information Act . The hospital had reported in October that they were notifying 19,788 about the breach. Access to the Law360 article is restricted to subscribers, but DataBreaches.net’s tracking file on…
Wisconsin Medicaid information accessed by unauthorized individual
Devin Willems reports: Gainwell Technologies announced that someone may have gained unauthorized access to some participants’ information in Wisconsin’s Medicaid program. According to a release, an unauthorized individual gained access to an account starting on Oct. 29, 2020, that may have exposed the names, member identification numbers and billing codes for services received of some…
Ronald McDonald House notifying almost 18,000 guests of Blackbaud breach
Those of us who frequently check state attorneys general sites are well aware that there are still many consumers and patients who are first being notified of the Blackbaud ransomware incident last year. Ronald McDonald House is well-known in the U.S., for offering housing accommodations to families who have children being treated for serious illnesses. …
Saskatchewan privacy commissioner investigates potential breach of hunting licensing system
There was one email breach involving guns in Australia but also one email breach involving guns in Canada this week. Jonathan Guignard reports: Saskatchewan’s privacy commissioner is investigating a potential privacy breach involving the province’s hunting, angling, and trapping licence system (HAL system). The province said the incident occurred on Jan. 7 when an email regarding Hunter…